path: root/source3/winbindd
Age | Commit message | Author | Files | Lines
2012-03-24 | lib/util: Remove obsolete sys_getpid() and sys_fork(). | Jelmer Vernooij | 3 | -6/+6
The performance of these is minimal (these days) and they can return invalid results when used as part of applications that do not use sys_fork(). Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sat Mar 24 21:55:41 CET 2012 on sn-devel-104
2012-03-24 | libreplace: Add getpeereid implementation. | Jelmer Vernooij | 2 | -2/+4
2012-03-19 | s3-winbindd Only use SamLogonEx when we can get unencrypted session keys | Andrew Bartlett | 1 | -2/+2
This ensures that we have some check on the session keys being returned as the RC4 cipher is not checksummed. The check comes from the fact that the credentials chain is tied to the session key, and so if the credentials check passes then the netlogon session key will be correct, and so the user session key will be correctly decrypted. Andrew Bartlett Signed-off-by: Jeremy Allison <jra@samba.org> Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Mon Mar 19 21:31:46 CET 2012 on sn-devel-104
2012-03-15 | s3:smbd: let smbd/nmbd/winbindd child processes terminate if the parent process died. | Michael Adam | 1 | -0/+11
This applies to all child processes making use of reinit_after_fork(). It is implemented by establishing a pipe between parent and child. The child watches for EOF on the read end of the pipe, indicating an exited parent. Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
2012-03-07 | s3: piddir creation fix part 2. | Ira Cooper | 1 | -0/+4
Since the piddir got moved from the lockdir by default, the default piddir wasn't getting created, stopping some configurations from running. Signed-off-by: Jeremy Allison <jra@samba.org>
2012-03-04 | s3-winbindd: Add stdin handler for winbind | Andrew Bartlett | 2 | -3/+48
This will help avoid runaway processes in the test env, particularly when the whole selftest.pl is killed. Andrew Bartlett
2012-02-27 | s3-winbindd: Close netlogon connection if the status returned by the NetrSamLogonEx call is timeout in the pam_auth_crap path | Matthieu Patou | 1 | -1/+20
If not the child process would hang for quite a long time up to the moment when the connection is cleaned by the kernel (took ~ 20 minutes) in my tests. Signed-off-by: Jeremy Allison <jra@samba.org> Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Mon Feb 27 23:10:03 CET 2012 on sn-devel-104
2012-02-25 | s3: Use the correct enum values | Volker Lendecke | 1 | -3/+3
wbcIdType and id_type have the same values, but different names Autobuild-User: Volker Lendecke <vl@samba.org> Autobuild-Date: Sat Feb 25 23:46:36 CET 2012 on sn-devel-104
2012-02-20 | s3-winbindd: pass logon parameters down to check_sam_security() | Andrew Bartlett | 1 | -2/+6
This allows ntlm_auth --diagnostics to work against the local DC, just as it works against a member server. Andrew Bartlett
2012-02-18 | Fix a bunch of "unused variable" warnings. | Jeremy Allison | 3 | -7/+2
Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Sat Feb 18 06:22:40 CET 2012 on sn-devel-104
2012-02-16 | lib/util: Remove sys_poll as it is no longer needed | Andrew Bartlett | 1 | -1/+1
sys_poll() is only needed if the signal pipe is set up and used, but as no signal handler ever writes to the pipe, this can all be removed. signal based events are now handled via tevent. Andrew Bartlett Signed-off-by: Jeremy Allison <jra@samba.org>
2012-02-16 | Rename obscure defined constants. | Christopher R. Hertel (crh) | 1 | -1/+1
Replaced the undescriptive SMB_PORT1 and SMB_PORT2 defined constants with the slightly more descriptive names NBT_SMB_PORT and TCP_SMB_PORT. Also replaced several hard-coded references to the well-known port numbers (139 and 445, respectively) as appropriate. Small changes to clarify some comments regarding the two transport types. Signed-off-by: Simo Sorce <idra@samba.org> Autobuild-User: Simo Sorce <idra@samba.org> Autobuild-Date: Thu Feb 16 08:29:41 CET 2012 on sn-devel-104
2012-02-10 | s3-winbindd: set the can_do_validation6 also for trusted domain | Matthieu Patou | 1 | -0/+2
The flag can_do_validation6 was only set for the domain to which winbindd is the member. Setting this flag in other domains (trusted domain) if it's an Active Directory domain is a good idea as it allows doing level 6 validation also when winbindd is querying them directly.
2012-02-06 | s3-winbind: Remove unused bool "local" | Christof Schmitt | 1 | -5/+2
"local" is always False, so simply remove it and the if statement checking its value. Signed-off-by: Jeremy Allison <jra@samba.org> Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Mon Feb 6 23:27:48 CET 2012 on sn-devel-104
2012-01-30 | s3-winbind: don't try to do clever thing if the username is not found while authenticating through winbind | Matthieu Patou | 1 | -1/+2
This could cause that we authenticate a user with a bogus domain to winbind's domain if the password supplied for the PAM_AUTH matches. The problem was reported by Jeff Venable (jvenable@juniper.net). Patch from Andrew Bartlett (abartlett@samba.org). Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Mon Jan 30 18:58:12 CET 2012 on sn-devel-104
2012-01-18 | s3-librpc: pass struct ndr_interface_table down to cli_pipe_open_generic/spnego() | Andrew Bartlett | 1 | -2/+2
This allows the target service (as determined from the IDL) to be passed to GSSAPI (rather than the current, incorrect, "cifs"). Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18 | s3-librpc Make cli_rpc_pipe_open_spnego_ntlmssp() generic | Andrew Bartlett | 1 | -9/+14
This also avoids passing NULL as the server to gensec_set_target_hostname() in spnego_generic_init_client(). Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18 | s3: Add a "lock_order" argument to db_open | Volker Lendecke | 3 | -3/+6
This will be used to enforce a lock hierarchy between the databases. We have seen deadlocks between locking.tdb, brlock.tdb, serverid.tdb and notify*.tdb. These should be fixed by refusing a dbwrap_fetch_locked that does not follow a defined lock hierarchy.
2012-01-06 | s3-winbindd: convert cached credentials to use auth_generic/gensec for NTLMSSP | Andrew Bartlett | 1 | -33/+46
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-05 | s3: Remove some redundant code | Volker Lendecke | 1 | -5/+0
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Thu Jan 5 17:16:45 CET 2012 on sn-devel-104
2012-01-04 | s3-winbind: Fix segfault if we can't map the last user. | Andreas Schneider | 1 | -0/+18
This fixes bug #8678. The issue is caused by bug #8608. Autobuild-User: Andreas Schneider <asn@cryptomilk.org> Autobuild-Date: Wed Jan 4 18:30:53 CET 2012 on sn-devel-104
2012-01-04 | s3-winbind: Move finding the domain to its own function. | Andreas Schneider | 1 | -11/+21
This is the first part to fix bug #8678.
2011-12-20 | s3: Fix some False/NULL hiccups | Volker Lendecke | 1 | -2/+2
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Tue Dec 20 13:13:17 CET 2011 on sn-devel-104
2011-12-16 | s3:idmap_autorid: use less transactions | Christian Ambach | 1 | -55/+76
reduce the amount of transactions that are mostly unnecessary because no updates were done, only reads Autobuild-User: Christian Ambach <ambi@samba.org> Autobuild-Date: Fri Dec 16 20:18:37 CET 2011 on sn-devel-104
2011-12-12 | s3: Remove a bunch of calls to procid_self() | Volker Lendecke | 2 | -2/+1
All callers to messaging_[re]init only used procid_self()
2011-12-03 | Revert making public of the samba-module library. | Jelmer Vernooij | 6 | -6/+6
This library was tiny - containing just two public functions that were themselves trivial. The amount of overhead this causes isn't really worth the benefits of sharing the code with other projects like OpenChange. In addition, this code isn't really generically useful anyway, as it can only load from the module path set for Samba at configure time. Adding a new library was breaking the API/ABI anyway, so OpenChange had to be updated to cope with the new situation one way or another. I've added a simpler (compatible) routine for loading modules to OpenChange, which is less than 100 lines of code. Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sat Dec 3 08:36:33 CET 2011 on sn-devel-104
2011-12-03 | s3-winbind: Add an update function for winbind cache. | Andreas Schneider | 1 | -2/+94
With 57b3d32 we changed the format for the winbind cache database and the code deleted the database for the upgrade. As this database holds also cached credentials, removing it is not an option. We need to update from version 1 to version 2. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Sat Dec 3 03:47:58 CET 2011 on sn-devel-104
2011-12-02 | s3-winbind: Remove unused keys from list. | Andreas Schneider | 1 | -2/+0
DR and DE have been removed with 0834574fdd6b469797b3b6a4edd45f321b9b9971. Autobuild-User: Andreas Schneider <asn@cryptomilk.org> Autobuild-Date: Fri Dec 2 19:02:45 CET 2011 on sn-devel-104
2011-11-28 | s3: Use tevent_req_simple_recv_ntstatus | Volker Lendecke | 1 | -6/+1
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Mon Nov 28 17:14:27 CET 2011 on sn-devel-104
2011-11-25 | s3: user_domain is not used in wb_getpwsid | Volker Lendecke | 1 | -7/+0
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Fri Nov 25 13:23:30 CET 2011 on sn-devel-104
2011-11-24 | s3:winbindd_cm: make use of cli_tree_connect() | Stefan Metzmacher | 1 | -1/+1
metze
2011-11-22 | s3: Fix wb_next_pwent_fill_done | Volker Lendecke | 1 | -1/+0
Within a callback routine it is not possible to call tevent_req_post Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Tue Nov 22 19:17:30 CET 2011 on sn-devel-104
2011-11-21 | s3:winbindd_cm: close sockfd on error in cm_prepare_connection() | Stefan Metzmacher | 1 | -0/+2
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Mon Nov 21 19:58:58 CET 2011 on sn-devel-104
2011-11-17 | s3-smbldap: move ldap_open_with_timeout out of smb_ldap.h to ads where it lives. | Günther Deschner | 1 | -1/+1
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Thu Nov 17 03:47:53 CET 2011 on sn-devel-104
2011-11-17 | s3-winbindd: no need to globally include ldap headers in winbindd. | Günther Deschner | 2 | -2/+1
Guenther
2011-11-16 | s3-winbindd/winbindd_cm.c: remove cli_nt_error() | Björn Baumbach | 1 | -8/+2
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-11-16 | s3:winbindd_cm: remove unused ads_status | Stefan Metzmacher | 1 | -3/+0
metze
2011-11-16 | s3-waf: create a smbldap.so library. | Günther Deschner | 1 | -0/+1
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Wed Nov 16 14:03:05 CET 2011 on sn-devel-104
2011-11-16 | s3-smbldap: extend smbldap_init() with binddn/bindsecret arguments. | Günther Deschner | 1 | -1/+3
Guenther
2011-11-16 | s3-passdb: split out passdb/pdb_ldap_schema.c | Günther Deschner | 1 | -0/+1
Guenther
2011-11-15 | s3-winbind: Don't fail on users without a uid. | Andreas Schneider | 1 | -1/+19
This fixes bug #8608. If you join samba with idmap_ad backend to an AD, when you try to enumerate users with 'getent passwd' and the user doesn't have a uid set, then getent is aborted because of NT_STATUS_NONE_MAPPED. If we can't map a user we should not stop but continue enumerating users. This normally happens with the default user 'krbtgt' with idmap_ad but could also happen with other backends. Autobuild-User: Andreas Schneider <asn@cryptomilk.org> Autobuild-Date: Tue Nov 15 16:52:04 CET 2011 on sn-devel-104
2011-11-15 | s3-winbind: Make sure the map is clean. | Andreas Schneider | 1 | -1/+5
2011-11-14 | s3-modules: remove the last "init_module" traces. | Günther Deschner | 2 | -4/+0
Guenther
2011-11-03 | s3:winbindd: s/Undefined/SMB_SIGNING_DEFAULT/ | Stefan Metzmacher | 1 | -1/+1
metze
2011-10-28 | Fix bug #8548 - winbind_samlogon_retry_loop ignores logon_parameters flags. | Jeremy Allison | 1 | -2/+2
Fix confirmed by reporter. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Fri Oct 28 23:04:47 CEST 2011 on sn-devel-104
2011-10-28 | lib/util Rename samba_init_module -> samba_module_init | Andrew Bartlett | 6 | -6/+6
This is to provide a cleaner namespace in the public samba plugin functions. Andrew Bartlett
2011-10-24 | idl: Improve MS-PAC IDL | Simo Sorce | 1 | -7/+7
Change some misleading variable names to reflect the actual function. Add missing field name/types previously marked as unknown. Signed-off-by: Günther Deschner <gd@samba.org> Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Mon Oct 24 19:19:28 CEST 2011 on sn-devel-104
2011-10-21 | s3:idmap_autorid: add an allocation range to autorid | Christian Ambach | 1 | -1/+96
this is needed to allocate gids for BUILTIN\Users and BUILTIN\Administrators and for local users/group that admins might want to create autorid will now allocate one range for this purpose and can so give out as many uids and gids as the configured rangesize allows
2011-10-21 | s3:idmap_autorid: move HWM initialization into a function | Christian Ambach | 1 | -17/+27
we will need some more HWM soon, so move out initialization and optimize the logic using the new interface of dbwrap_fetch_uint32
2011-10-21 | s3:idmap_autorid: use strings as parameter for range allocator | Christian Ambach | 1 | -14/+14
this prepares for allocation of non-domain ranges that cannot be expressed by a SID (e.g. an allocation pool)